package app.framework.security.authorization;

import app.framework.constant.AuthConstants;
import cn.hutool.core.collection.CollectionUtil;
import jasmine.security.strategy.RbacAccessDecisionStrategy;
import jasmine.security.strategy.RbacQueryService;
import jasmine.security.strategy.UrlPatternMatcher;
import jasmine.security.subject.UserSubject;

import javax.servlet.http.HttpServletRequest;
import java.util.Map;

/**
 * @author mh.z
 */
public class CustomRbacAccessDecisionStrategy extends RbacAccessDecisionStrategy {

    public CustomRbacAccessDecisionStrategy(RbacQueryService rbacQueryService,
                                            UrlPatternMatcher urlPatternMatcher) {
        super(rbacQueryService, urlPatternMatcher);
    }

    @Override
    public boolean check(UserSubject subject, HttpServletRequest request) {
        if (subject != null) {
            Map<String, Object> data = subject.getData();

            if (CollectionUtil.isNotEmpty(data)) {
                String userType = (String) data.get(AuthConstants.SUBJECT_DATA_USER_TYPE);

                // 超级管理员拥有所有权限，不需要通过角色显示分配
                if (AuthConstants.USER_TYPE_SUPER_ADMIN.equals(userType)) {
                    return true;
                }
            }
        }

        return super.check(subject, request);
    }

}
